#2506 closed task (fixed)
mailman: unsolicited mass subscription attempts
| Reported by: | neteler | Owned by: | |
|---|---|---|---|
| Priority: | blocker | Milestone: | Sysadmin Contract 2020-II |
| Component: | SysAdmin | Keywords: | Mailing Lists |
| Cc: | bjorn | | |
Description
This case https://lists.osgeo.org/pipermail/geoforall/2020-August/005734.html
and many comments to me as a list admin let me investigate the case of apparent mass subscription attempts: many users to many OSGeo lists.
What I found out by analysing the mailman subscription logs:
This IP 198.46.202.103
nslookup 198.46.202.103
...
Non-authoritative answer:
103.202.46.198.in-addr.arpa name = 198-46-202-103-host.colocrossing.com.
tried to subscribe > 2831 (!) different email addresses to 286 OSGeo lists:
# how many different email addresses:
grep 198.46.202.103 subscribe* | cut -d' ' -f8 | sort -u | wc -l
2831
# how many OSGeo lists used:
grep 198.46.202.103 subscribe* | cut -d' ' -f6 | sort -u | wc -l
286
Hence, we see a new quality of spammers being active here who try to subscribe email addresses they apparently have harvested somewhere to our mailman server, like trying to subscribe one email to many OSGeo lists. Normally nothing happens (that's why I don't understand yet the spammer's interest in this) unless the email owner actually accepts the confirmation email.
Question: can we block these attacks?
Maybe related to #2475
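The grep/cut one-liners in the description count distinct addresses and lists for one IP that was already known. The following script, added here as an illustration and not part of the ticket or of Mailman itself, does the same aggregation for every source IP in a Mailman 2 `subscribe` log and flags the ones that look like mass-subscription sources. The log layout it parses (`Mon DD HH:MM:SS YYYY (pid) list: pending address ip`) is inferred from the field positions used by the ticket's `cut -f6` / `cut -f8`; the sample lines, the IPs and the thresholds are constructed for the demo, not taken from the OSGeo logs.

```python
import re
from collections import defaultdict

# Constructed sample in the layout implied by the ticket's grep/cut fields
# ("Mon DD HH:MM:SS YYYY (pid) list: pending address ip"); not real log data.
# 203.0.113.5 plays the mass-subscription source; the other IPs are single users.
SAMPLE_LOG = """\
Aug 20 10:01:02 2020 (12001) geoforall: pending alice@example.org 198.51.100.7
Aug 20 10:02:10 2020 (12002) postgis-devel: pending bob@example.net 192.0.2.44
Aug 20 10:03:00 2020 (12003) geoforall: pending h1@example.com 203.0.113.5
Aug 20 10:03:01 2020 (12004) grass-user: pending h2@example.com 203.0.113.5
Aug 20 10:03:02 2020 (12005) qgis-user: pending h3@example.com 203.0.113.5
Aug 20 10:03:03 2020 (12006) postgis-devel: pending h4@example.com 203.0.113.5
Aug 20 10:03:04 2020 (12007) geoforall: pending h5@example.com 203.0.113.5
Aug 20 10:03:05 2020 (12008) grass-user: pending h1@example.com 203.0.113.5
Aug 20 10:04:00 2020 (12009) geoforall: new carol@example.org, via web confirm
"""

# Only "pending" entries carry the requesting IP; confirmed ("new") entries
# have no source address and are skipped by the parser.
PENDING_RE = re.compile(
    r"^\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} \(\d+\) "
    r"(?P<list>\S+): pending (?P<addr>\S+) (?P<ip>\S+)$"
)


def parse_subscribe_log(text):
    """Return (ip, list, address) tuples for every pending-subscription line."""
    records = []
    for line in text.splitlines():
        m = PENDING_RE.match(line)
        if m:
            records.append((m["ip"], m["list"], m["addr"].lower()))
    return records


def summarize(records):
    """Per source IP: distinct addresses, distinct lists and total attempts."""
    per_ip = defaultdict(lambda: {"addresses": set(), "lists": set(), "attempts": 0})
    for ip, lst, addr in records:
        entry = per_ip[ip]
        entry["addresses"].add(addr)
        entry["lists"].add(lst)
        entry["attempts"] += 1
    return dict(per_ip)


def flag_mass_subscribers(text, min_addresses=20, min_lists=10):
    """IPs that submitted at least min_addresses distinct addresses or touched
    at least min_lists lists. The default thresholds are assumptions; tune
    them to the normal subscription volume of the server."""
    flagged = []
    for ip, entry in summarize(parse_subscribe_log(text)).items():
        n_addr, n_lists = len(entry["addresses"]), len(entry["lists"])
        if n_addr >= min_addresses or n_lists >= min_lists:
            flagged.append({"ip": ip, "addresses": n_addr,
                            "lists": n_lists, "attempts": entry["attempts"]})
    flagged.sort(key=lambda f: (-f["attempts"], f["ip"]))
    return flagged


if __name__ == "__main__":
    # Low thresholds so the tiny constructed sample produces a hit.
    for f in flag_mass_subscribers(SAMPLE_LOG, min_addresses=4, min_lists=3):
        print(f"{f['ip']}: {f['addresses']} addresses, "
              f"{f['lists']} lists, {f['attempts']} attempts")
```

On a real server the text would come from concatenating `/var/log/mailman/subscribe*`; the flagged IPs are what you would hand to a firewall or web-server deny rule, and re-running the script after enabling the Mailman 2.1.30 CAPTCHA is a quick way to confirm the pending-subscription volume actually dropped.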
Change History (10)
comment:1 by , 4 years ago
comment:2 by , 4 years ago
I found this solution https://www.ralfj.de/blog/2018/06/10/mailman-subscription-spam-continued.html
at the bottom it mentions:
Update: With Mailman 2.1.30, this patch is now included upstream. The CAPTCHAS format is slightly different than above to support multiple languages; consult the Mailman documentation for further details. /Update
and we have 2.1.20
Will go verify that 2.1.30 does have the captcha
comment:3 by , 4 years ago
Cc: added
Mass unsubscription also happened in postgis-devel. 7 people were unsubscribed.
comment:5 by , 4 years ago
Sorry, I see this ticket is about mass _subscription_, not unsubscription. We probably need another ticket for unsubscription. Martin: SUBSCRIBE_FORM_SECRET is set already (since 2016)
comment:6 by , 4 years ago
Mailman upgrade ticket is #2174 -- neteler your input is going to be useful there
comment:7 by , 4 years ago
Milestone: Unplanned → Sysadmin Contract 2020-II
comment:9 by , 4 years ago
Resolution: → fixed
Status: new → closed
Assuming closed by upgrade. Feel free to reopen if this is not the case.
comment:10 by , 4 years ago
I just checked
/var/log/mailman/subscribe.*
and no longer see undesired mass-subscription attempts.
Found some hints:
Seems we need (if we don't have yet) to activate some
SUBSCRIBE_FORM_SECRET
secret. Anyone?